Systems and Methods for Authorizing Agentic Applications

This application claims priority to U.S. Provisional Patent Application No. 63/723,785, filed Nov. 22, 2024, which is hereby incorporated by reference in its entirety.

The present disclosure relates generally to communication networks, and more particularly, to systems and methods for authorizing agentic applications.

The advent of generative artificial intelligence (AI) provides for some natural language interaction with applications. For example, people may interact with applications in natural language to complete interactions. However, due to the probabilistic nature of natural language models (LLMs), these interactions are significantly much less reliable than those with a human. In current systems, the lack of reliability requires a human-in-the-loop to verify what a software agent is going to do before action is taken. Current authorization mechanisms typically delegate authority based on a role or generic action to humans.

According to an embodiment, a method includes intercepting, by a trust processor, a transaction interaction communicated between an artificial intelligence (AI) agent and a service. The transaction interaction includes a series of requests associated with a transaction. The method also includes receiving, by the trust processor and from a user device, a first response to a request for the user device to provide a verification to a commitment to the transaction. The method further includes determining, by the trust processor, whether to allow the transaction to proceed to the service based on the first response.

In certain embodiments, the method includes, when the first response verifies the commitment to the transaction: communicating, by the trust processor, the commitment to the transaction to the service, receiving, by the trust processor, a second response from the service, wherein the second response indicates that the service committed the transaction, and/or communicating, by the trust processor, the second response to the user device.

In some embodiments, the method includes signing, by the trust processor, the transaction and communicating, by the trust processor and along with the second response, the signed transaction, a timestamp associated with the transaction, and an established contract associated with the transaction directly to the user device via a secure communication channel.

In certain embodiments, the method includes, when the first response fails to verify the commitment to the transaction: preventing, by the trust processor, the transaction from proceeding to the service, or aborting, by the trust processor, the transaction.

In some embodiments, the method includes communicating, by the trust processor and directly to the user device, the request for the user device to provide the verification of the transaction, wherein the AI agent is unaware of the trust processor.

In certain embodiments, the AI agent communicates the request for the user device to provide the verification of the transaction to the user device. In some embodiments, the AI agent is aware of the trust processor. In certain embodiments, the AI agent is prevented from communicating directly with the service.

According to another embodiment, one or more computer-readable non-transitory storage media embody instructions that, when executed by a processor, cause the processor to perform operations. The operations include intercepting, by a trust processor, a transaction interaction communicated between an AI agent and a service. The transaction interaction includes a series of requests associated with a transaction. The operations also include receiving, by the trust processor and from a user device, a first response to a request for the user device to provide a verification to a commitment to the transaction. The operations further include determining, by the trust processor, whether to allow the transaction to proceed to the service based on the first response.

According to yet another embodiment, a trust processor performs operations including intercepting a transaction interaction communicated between an AI agent and a service. The transaction interaction includes a series of requests associated with a transaction. The operations also include receiving, from a user device, a first response to a request for the user device to provide a verification to a commitment to the transaction. The operations further include determining whether to allow the transaction to proceed to the service based on the first response.

Technical advantages of certain embodiments of this disclosure may include one or more of the following. To enforce trust for AI agents, certain embodiments delegate the trust to a new third party, the trust processor. Similar to a payment processor for financial transactions, the trust Processor executes the transaction on behalf of the human given the AI agent's input and after human verification. By delegating the trust to a third party, the human user does not need to trust the potentially probabilistic AI agent, and many agents can use the same trust system. The trust processor may be a proxy for service(s) that is transparent to the AI agent, or the trust processor and the AI agent may work together to assist the user.

Other technical advantages will be readily apparent to one skilled in the art from the following figures, descriptions, and claims. Moreover, while specific advantages have been enumerated above, various embodiments may include all, some, or none of the enumerated advantages.

1 FIG. 2 2 FIGS.A andB 1 FIG. 3 FIG. 4 FIG. 1 3 FIGS.- 100 200 200 100 300 400 a b This disclosure describes systems and methods to authorize agentic applications.illustrates a systemfor authorizing agentic applications.illustrate operational flowsandperformed by the systemin.illustrates a methodfor authorizing agentic applications, andillustrates a computer systemthat may be used to perform one or more operations described in reference to.

1 FIG. 4 FIG. 100 100 100 100 illustrates an example systemfor authorizing agentic applications. Systemor portions thereof may be associated with an entity, which may include any entity, such as a business, company, or enterprise, which generates risk scores. In certain embodiments, the entity may be a service provider that provides security services. The components of systemmay include any suitable combination of hardware, firmware, and software. For example, the components of systemmay use one or more elements of the computer system of.

1 FIG. 100 110 112 114 119 136 172 136 114 116 110 114 118 118 110 118 110 119 114 120 a a b b In the illustrated embodiment of, systemincludes a user device, a user, a network, one or more application agents, one or more services, and a trust processor. The serviceis shown communicatively connected to the networkvia a connection. The user deviceis shown communicatively connected to the networkvia the connections(shown as the connectionfor the user deviceand a connectionfor the user device). The application agentsare shown communicatively connected to the networkvia the connections.

110 100 110 110 110 110 112 100 The user deviceof systemrepresents any electronic equipment configured to receive, create, process, store, and/or communicate information. The user devicemay include one or more portable devices (e.g., mobile phones (e.g., smartphones), laptop computers, tablets, personal digital assistants (PDAs), tablets, wearable devices, and the like), vehicular communication systems, and the like. In certain embodiments, the user deviceinclude an electronic display screen. For example, the user devicemay include a liquid crystal display (LCD), an organic light-emitting diode (OLED) flat screen interface, digital buttons, a digital keyboard, physical buttons, a physical keyboard, one or more touch screen components, a graphical user interface (GUI), and the like. The user devicemay be located in any suitable location to receive and communicate information to userof system.

110 100 112 110 1 FIG. The user deviceof systemruns one or more applications. Applications are computer software that perform specific functions for useror for another application. Each application may be self-contained or may be a group of programs. In the illustrated embodiment of, the applications running on user deviceinclude device applications.

112 100 110 112 112 112 112 110 The userof systemrepresents a person who utilizes user device. Usermay be a local user, a remote user, a programmer, an administrator, a customer, a company, a combination thereof, and the like. In certain embodiments, useris associated with one or more accounts. Usermay be associated with an account name, a username, a login name, a screen name, one or more passwords, a user profile, and the like. In certain embodiments, userutilizes one or more applications downloaded to user device.

114 100 100 114 100 114 114 114 114 100 114 Networkof systemis any type of network that facilitates communication between components of system. Networkmay connect one or more components of system. One or more portions of networkmay include an ad-hoc network, the Internet, an intranet, an extranet, a portion of a Public Switched Telephone Network (PSTN), a virtual private network (VPN), an Ethernet VPN (EVPN), a local area network (LAN), a wireless LAN (WLAN), a virtual LAN (VLAN), a wide area network (WAN), a wireless WAN (WWAN), a software-defined wide area network (SD-WAN), a metropolitan area network (MAN), a cellular telephone network, a Digital Subscriber Line (DSL), an Multiprotocol Label Switching (MPLS) network, a 3G/4G/5G/6G network, a Long Term Evolution (LTE) network, a cloud network, a combination of two or more of these, or other suitable types of networks. Networkmay include one or more different types of networks. Networkmay be any communications network, such as a private network, a public network, a connection through the Internet, a mobile network, a Wi-Fi network, and the like. Networkmay include a core network, an access network of a service provider, an Internet service provider (ISP) network, and the like. One or more components of systemmay communicate over network.

114 114 114 Networkmay include one or more nodes. Nodes may be connection points within networkthat receive, create, store and/or send data along a path. Nodes may include one or more redistribution points that recognize, process, and forward data to other nodes of network. Nodes may include virtual and/or physical nodes. For example, nodes may include one or more physical devices, virtual machines, bare metal servers, and the like. As another example, nodes may include data communications equipment such as computers, routers, servers, printers, workstations, switches, bridges, modems, hubs, and the like.

119 100 119 119 119 The application agentsof systemrepresent autonomous software entities. In certain embodiments, application agentsare AI agents that generate content (e.g., data, data programs, instructions, operational flows, and the like), make decisions, and/or interact with surrounding physical and/or virtual environments to complete specific tasks. The application agentsmay interact with one or more physical and/or virtual environments via one or more peripherals and/or interfaces. The application agentsmay adapt and learn from new data and/or information, offering flexibility and handling complex tasks without and/or with less human intervention.

119 119 119 119 119 In some embodiments, the application agentsinclude one or more reflective agents that analyze previous agentic actions and/or decisions, adapt based on feedback summarized from the analyses, and perform one or more updated operations to improve over time. The application agentsmay be one or more tool agents that continuously monitor agentic performance against predefined target performance parameters. Certain application agentsmay determine areas in which agentic operations may be deficient, determine one or more solutions to inhibit, solve, and/or eliminate any determined deficiencies, and/or update one or more configuration parameters in accordance with the one or more solutions. The application agentsmay invoke one or more tools to perform one or more tasks. In one or more embodiments, the application agentsare model-based reflex agents that use one or more internal models of the environment to make decisions.

136 100 112 136 136 112 The servicesof systemrepresent actions or activities performed for the benefit of the user. In certain embodiments, servicesare used to perform transactions. A transaction represents any exchange between two or more parties, where something of value is exchanged for something else of value. In the context of goods and services, one party (e.g., service) provides something (goods or services), and receives payment (e.g., from user) in return.

172 100 172 172 172 119 172 112 119 119 172 136 119 172 119 112 The trust processorof systemrepresents a software system designed to manage and/or automate tasks related to trusts. In certain embodiments, trust processormanages and/or automates task for financial institutions. For example, the trust processormay act similar to a payment processor for financial transactions. In certain embodiments, the trust processorexecutes the transaction on behalf of the human given input from application agentand after human verification. By delegating the trust to the trust processor(e.g., third party), the userdoes not need to trust the application agent, and many application agentscan use the same trust system. In certain embodiments, the trust processoris a proxy for the service(s)that is transparent to the application agent. In some embodiments, the trust processorand the application agentwork together to assist the user.

172 119 136 119 172 172 119 110 172 110 110 172 136 172 136 172 136 172 136 136 172 136 110 110 172 172 112 119 112 119 119 172 172 In operation, the trust processorintercepts a transaction interaction communicated between the application agentand the service. The transaction interaction includes a series of requests associated with a transaction. If the application agentis unaware of the trust processor, then the trust processorcommunicates a request for verification of the transaction directly to the user device. If the application agentis aware of the transaction, then the AI agent may communicate the request for verification of the transaction the user device. The trust processorthen receives, from the user device, a response to the request for the user deviceto provide a verification to a commitment to the transaction. The trust processordetermines whether to allow the transaction to proceed to the servicebased on the response. If the trust processordetermines to allow the transaction to proceed to the service, the trust processorcommunicates the commitment to the transaction to the service. The trust processorthen receives a response from the serviceindicating that the servicecommitted the transaction. The trust processorsigns the transaction and communicates the response received from the service, the signed transaction, a timestamp associated with the transaction, and an established contract associated with the transaction to the user device. If the response received from the user devicefails to verify the commitment to the transaction, the trust processorprevents the transaction from proceeding to the service and/or aborts the transaction. As such, the trust processorexecutes the transaction on behalf of the usergiven the input from the application agentand after human verification. By delegating the trust to a third party, the userdoes not need to trust the potentially probabilistic application agent, and many application agentscan use the same trust system. The trust processormay be a proxy for service(s) that is transparent to the AI agent, or the trust processorand the AI agent may work together to assist the user.

2 FIG.A 2 FIG.A 200 172 200 110 110 119 172 136 119 172 172 136 119 119 136 172 a a a illustrates an operational flowfor authorizing agentic applications using a trust processoras a proxy, in accordance with certain embodiments. The operational flowis performed using the user device(e.g., representative of the user devices), an application agent(e.g., an AI application agent), a trust processor, and a service. In the illustrated embodiment of, the application agentdoes not need to be aware of the trust processor. The trust processoracts as a proxy for the servicewith which the application agentinteracts. There are many different mechanisms for introducing proxies (e.g., Domain Name System (DNS) redirection). Herein, whenever the application agentinteracts with the service, the trust processorintercepts and proxies one or more requests.

210 110 211 119 119 136 172 136 119 119 172 136 119 a At operation, the user devicegenerates and transfers a task request (e.g., an operation request) to application agent. In some embodiments, the application agentdoes not need any credentials to the serviceas the trust processorcommunicates directly with the service. The application agentmay be configured with a different set of credentials that allows the application agentto be identified to the trust processorinstead of the service. The application agentmay be configured with no (or false) credentials, providing it with zero trust.

212 119 172 172 119 119 136 214 172 136 172 119 136 At operation, the application agentregisters at least one communication operation (e.g., a data exchange operation and/or transaction) with the trust processor. Herein, the trust processordetermines one or more previous operations and/or generative operational flows implemented, executed, and/or performed by the specific application agentand evaluate one or more operations of the application agentthat lead to the attempt to register a transaction with a service. At operation, the trust processorregisters the transaction with the serviceif the trust processorapproves that the application agentis allowed to interact with the service.

216 136 172 218 172 219 136 119 220 119 110 222 224 222 119 223 110 172 136 119 110 110 119 110 172 110 a a a a a a At operation, the serviceaccepts the registered transaction and provides one or more transaction details to the trust processor. At operation, the trust processorparses the transaction details and forwards the transaction detailsfor the serviceto the application agent. At operation, the application agentand the user deviceperform operationsand. At operation, the application agentinforms (e.g., via a verification request) the user devicethat the trust processorapproves of one or more communication operations including the service. For example, the application agentmay verify the transaction with the user device. The verification is not considered enough for the user deviceto fully trust the application agent. If a request is determined to be a transaction commit (e.g., to submit a particular form in a web application), the user devicemay request one or more communication operations directly by the trust processorto verify that the user deviceis allowed to perform one or more of the communication operations.

224 110 225 119 110 226 119 127 172 119 136 a a At operation, the user devicecommits (e.g., via a verification response) to the application agentthat the user deviceaccepts performing the communication operations. At operation, the application agentinforms (e.g., via a verification response) the trust processorthat the application agentis accepted to perform one or more communication operations including the service.

228 172 110 110 110 172 a a a At operation, the trust processorverifies whether the user deviceapproved the communication operations by double-checking information with the user device. In the event the user devicecancels the communication operations and/or one or more errors occur, the trust processorprevents the transaction commit or inhibits, stop, and/or cancels one or more of the communication operations (e.g., cancel a form submission).

230 172 110 110 232 172 136 119 110 136 a a a At operation, the trust processorreceives from the user devicethat the communication operations are approved by the user device. At operation, the trust processorinforms the servicethat the communication operations are allowed to be performed between the application agent, the user device, and the service.

234 136 172 236 119 238 172 172 172 110 172 119 110 172 136 119 240 119 110 a a a. At operation, the serviceconfirms with the trust processorthat the transaction has been committed. At operation, the application agentreceives a confirmation that transaction has been committed. At operation, the trust processorprovides the confirmation that communication operations are expected to be performed. Since the trust processormay proxy a service interaction, the trust processormay provide one or more relevant details to the user device(e.g., the complete content of a form submission). In some embodiments, the trust processorprovides one or more evaluation results of a committed transaction to the application agentand the user device. The trust processoris commits to the serviceby initiating the application agentto perform the system operation. At operation, the application agentperforms the one or more communication operations with the user device

2 FIG.A 2 FIG.A 172 119 172 110 119 110 172 172 110 119 172 136 a a a In the example of, the trust processorenforces trust of the application agentover time. The trust processormay execute one or more communication operations on behalf of a user devicegiven an input to the application agentand after user device verification between the user deviceand the trust processor. By delegating the trust to the trust processor, the user devicedoes not rely on its internal tracking of the application agentto trust any probabilistic application agents.shows an example in which the trust processoris a proxy for the servicethat is transparent to the AI agent.

172 172 110 172 136 172 119 172 110 a a In one or more embodiments, the trust processoris capable of signing the transaction for non-repudiation purposes. The trust processormay be equipped with key material through which the user deviceattests whether a transaction took place by a trust processor, on a certain date and time of day, contract that is been established, and/or a precise response as received from the service. The trust processormay run in a secure enclave or include a connection to a secure enclave for signing purposes to keep key material private and/or at one or more levels of security. If the application agentcannot be trusted, the trust processormay include a direct connection with the user devicefor recording an agreement triggering the one or more communication operations. The communication operations may include recording server details associated with authenticated material for one or more non-repudiation requirements and/or conditions.

2 FIG.A 2 FIG.A 2 FIG.A 200 200 a a Althoughillustrates a particular number of components of the operational flow, this disclosure contemplates any suitable number of components. Althoughillustrates a particular arrangement of the components of the operational flow, this disclosure contemplates any suitable arrangement of the components. Furthermore, althoughdescribes and illustrates particular components, devices, or systems performing particular actions, this disclosure contemplates any suitable combination of any suitable components, devices, or systems performing any suitable actions.

2 FIG.B 2 FIG.B 200 172 200 110 110 119 172 136 172 119 110 119 172 119 110 136 b b a a a illustrates an operational flowfor authorizing agentic applications using a trust processoras a service, according to one or more embodiments. The operational flowis performed using the user device(e.g., representative of the user devices), an application agent, a trust processor, and a service. Herein, the trust processormay verify system operations to be performed by the application agentby verifying system operations with the user deviceand without verifying with the application agent. In, the trust processoracts as an explicit service provider between the application agent, the user device, and the service.

260 110 261 119 262 119 136 a At operation, the user devicegenerates and transfer a task request (e.g., an operation request) to an application agent. At operation, the application agentsends a request to the service.

264 136 119 136 266 119 172 268 172 136 At operation, the servicesends a reply to the application agentacknowledging that the servicereceived the request. At operation, the application agentregisters the transaction with the trust processor. At operation, the trust processorregisters the transaction with the service.

270 136 172 272 172 273 136 119 274 119 110 276 278 a At operation, the servicecommunicates one or more transaction details to the trust processor. At operation, the trust processorparses the transaction details and forwards the transaction detailsfor the serviceto the application agent. At operation, the application agentand the user deviceperform operationor.

276 278 119 172 277 279 110 172 136 280 110 172 281 282 172 281 136 a a At operationand at operation, the application agentand/or the trust processorinform (e.g., via a verification requestand verification request, respectively) the user devicethat the trust processorapproves of one or more communication operations including the service. At operation, the user devicesends a notification to the trust processorcommitting (via commit transaction) to the transaction. At operation, the trust processorcommunicates commit transactionto the service.

284 136 172 290 172 110 292 172 119 a At operation, the servicecommits the transaction and communicates a confirmation of the committed transaction to the trust processor. At operation, the trust processorprovides the confirmation to the user device. At operation, the trust processormay also provide the confirmation to the application agent.

2 FIG.B 119 172 110 119 172 119 136 172 110 119 110 172 172 110 172 172 136 110 119 110 119 136 119 136 a a a a a a In the example of, the application agentworks with the trust processorto create trust for the user device. In this case, the application agentmay limit trust processorinteractions with the application agentto operations required to commit a transaction with the service. Since the trust processoris aware of the transaction, the messages informing the user devicemay come from the application agentto redirect the user deviceto the trust processoror may come directly from the trust processor. In either case, the commit messages are provided from the user deviceto the trust processordirectly. The trust processormay commit one or more communication operations with the services. In some embodiments, committed transaction details are provided to the user deviceand optionally to the application agentdirectly (e.g., if the user deviceis not originally redirected). Herein, the application agentmay not need any credentials to be able to commit a transaction with the services. Thus, the application agentmay be provided with reduced and/or limited “read-only” (or similar) credentials that allow the AI agent to communicate directly with the service.

2 FIG.B 2 FIG.B 2 FIG.B 200 200 b Althoughillustrates a particular number of components of the operational flow, this disclosure contemplates any suitable number of components. Althoughillustrates a particular arrangement of the components of the operational flowB, this disclosure contemplates any suitable arrangement of the components. Furthermore, althoughdescribes and illustrates particular components, devices, or systems performing particular actions, this disclosure contemplates any suitable combination of any suitable components, devices, or systems performing any suitable actions.

3 FIG. 1 FIG. 1 FIG. 1 FIG. 1 FIG. 300 300 100 300 302 172 119 136 illustrates a methodof orchestrating agent operations, in accordance with certain embodiments. Methodmay be implemented by one or more components of the systemof. The methodstarts at step, where the trust processor (e.g., trust processorof) intercepts a transaction interaction communicated between an artificial intelligence (AI) agent (e.g., application agentof) and a service (e.g., serviceof). In certain embodiments, the transaction interaction includes a series of requests associated with a transaction.

300 310 The AI agent may or may not be aware of the trust processor. If the AI agent is aware of the trust processor, the AI agent communicates a request for to provide a verification of the transaction to the user device. If the AI agent is unaware of the trust processor, then the trust processor communicates the request for the user device to provide the verification of the transaction directly to the user device via a secure communication channel. Methodthen moves to step.

310 300 310 300 312 300 312 At stepof method, the trust processor receives a response from the user device indicating whether or not the user has committed to the transaction. Based on the response, the trust processor determines whether to allow the transaction to proceed to the service. If, at step, the response received from the user device does not include a commitment to the transaction, methodmoves to step, where the trust processor prevents the transaction from proceeding to the service. In certain embodiments, the trust processor may abort the transaction. Methodthen ends at step.

310 300 322 324 300 326 300 328 300 If, at step, the response received from the user device includes a commitment to the transaction, methodmoves to step, where the trust processor communicates the commitment to the transaction to the service. At stepof method, the trust processor receives a response from the service indicating that the service committed the transaction. At stepof method, the trust processor signs the transaction. And at stepof method, the trust processor communicates the response received from the service, the signed transaction, a timestamp associated with the transaction, and/or an established contract associated with the transaction to the user device.

300 300 3 FIG. 3 FIG. 3 FIG. 3 FIG. 3 FIG. Although this disclosure describes and illustrates particular operations in the methodofas occurring in a particular order, this disclosure contemplates any suitable steps of the methodofoccurring in any suitable order. Although this disclosure describes and illustrates an example method of orchestrating agent operations including the particular steps of the method of, this disclosure contemplates any suitable method of orchestrating communication operations, which may include all, some, or none of the steps of the method of, where appropriate. Furthermore, althoughdescribes and illustrates particular components, devices, or systems performing particular actions, this disclosure contemplates any suitable combination of any suitable components, devices, or systems performing any suitable actions.

4 FIG. 400 400 400 400 400 illustrates an example computer system. In particular embodiments, one or more computer systemperform one or more steps of one or more methods described or illustrated herein. In particular embodiments, the one or more computer systemprovide functionality described or illustrated herein. In particular embodiments, software running the on one or more computer systemperforms one or more steps of one or more methods described or illustrated herein or provides functionality described or illustrated herein. Particular embodiments include one or more portions of the one or more computer system. Herein, reference to a computer system may encompass a computing device, and vice versa, where appropriate. Moreover, reference to a computer system may encompass one or more computer systems, where appropriate.

400 400 400 400 400 400 400 400 This disclosure contemplates any suitable number of computer system. This disclosure contemplates the computer systemtaking any suitable physical form. As example and not by way of limitation, the computer systemmay be an embedded computer system, a system-on-chip (SOC), a single-board computer system (SBC) (such as, for example, a computer-on-module (COM) or system-on-module (SOM)), a desktop computer system, a laptop or notebook computer system, an interactive kiosk, a mainframe, a mesh of computer systems, a mobile telephone, a personal digital assistant (PDA), a server, a tablet computer system, an augmented/virtual reality device, or a combination of two or more of these. Where appropriate, the computer systemmay include the one or more computer system; be unitary or distributed; span multiple locations; span multiple machines; span multiple data centers; or reside in a cloud, which may include one or more cloud components in one or more networks. Where appropriate, the one or more computer systemmay perform without substantial spatial or temporal limitation one or more steps of one or more methods described or illustrated herein. As an example, and not by way of limitation, the one or more computer systemmay perform in real time or in batch mode one or more steps of one or more methods described or illustrated herein. The one or more computer systemmay perform at different times or at different locations one or more steps of one or more methods described or illustrated herein, where appropriate.

400 402 404 406 408 410 412 In particular embodiments, the computer systemincludes a processor, a memory, a storage, an input/output (I/O) interface, a communication interface, and a bus. Although this disclosure describes and illustrates a particular computer system having a particular number of particular components in a particular arrangement, this disclosure contemplates any suitable computer system having any suitable number of any suitable components in any suitable arrangement.

402 402 404 406 404 406 402 402 402 404 406 402 404 406 402 402 402 404 406 402 402 402 402 402 402 In particular embodiments, the processorincludes hardware for executing instructions, such as those making up a computer program. As an example, and not by way of limitation, to execute instructions, the processormay retrieve (or fetch) the instructions from an internal register, an internal cache, the memory, or the storage; decode and execute them; and then write one or more results to an internal register, an internal cache, the memory, or the storage. In particular embodiments, the processormay include one or more internal caches for data, instructions, or addresses. This disclosure contemplates the processorincluding any suitable number of any suitable internal caches, where appropriate. As an example, and not by way of limitation, the processormay include one or more instruction caches, one or more data caches, and one or more translation lookaside buffers (TLBs). Instructions in the instruction caches may be copies of instructions in the memoryor the storage, and the instruction caches may speed up retrieval of those instructions by the processor. Data in the data caches may be copies of data in the memoryor the storagefor instructions executing at the processorto operate on; the results of previous instructions executed at the processorfor access by subsequent instructions executing at the processoror for writing to the memoryor the storage; or other suitable data. The data caches may speed up read or write operations by the processor. The TLBs may speed up virtual-address translation for processor. In particular embodiments, processormay include one or more internal registers for data, instructions, or addresses. This disclosure contemplates the processorincluding any suitable number of any suitable internal registers, where appropriate. Where appropriate, the processormay include one or more arithmetic logic units (ALUs); be a multi-core processor; or include one or more processors. Although this disclosure describes and illustrates a particular processor, this disclosure contemplates any suitable processor.

404 402 402 400 406 400 404 402 404 402 402 402 404 402 404 406 404 406 402 404 412 402 404 404 402 404 404 404 In particular embodiments, the memoryincludes main memory for storing instructions for the processorto execute or data for the processorto operate on. As an example, and not by way of limitation, the computer systemmay load instructions from storageor another source (such as, for example, another computer system) to the memory. The processormay then load the instructions from the memoryto an internal register or internal cache. To execute the instructions, the processormay retrieve the instructions from the internal register or internal cache and decode them. During or after execution of the instructions, the processormay write one or more results (which may be intermediate or final results) to the internal register or internal cache. The processormay then write one or more of those results to memory. In particular embodiments, the processorexecutes only instructions in one or more internal registers or internal caches or in the memory(as opposed to the storageor elsewhere) and operates only on data in one or more internal registers or internal caches or in the memory(as opposed to the storageor elsewhere). One or more memory buses (which may each include an address bus and a data bus) may couple the processorto the memory. The busmay include one or more memory buses, as described below. In particular embodiments, one or more memory management units (MMUs) reside between the processorand the memoryand facilitate accesses to the memoryrequested by the processor. In particular embodiments, the memoryincludes random access memory (RAM). This RAM may be volatile memory, where appropriate. Where appropriate, this RAM may be dynamic RAM (DRAM) or static RAM (SRAM). Moreover, where appropriate, this RAM may be single-ported or multi-ported RAM. This disclosure contemplates any suitable RAM. The memorymay include one or more memories, where appropriate. Although this disclosure describes and illustrates particular memory, this disclosure contemplates any suitable memory.

406 406 406 406 400 406 406 406 406 402 406 406 406 In particular embodiments, the storageincludes mass storage for data or instructions. As an example, and not by way of limitation, the storagemay include a hard disk drive (HDD), a floppy disk drive, flash memory, an optical disc, a magneto-optical disc, magnetic tape, or a Universal Serial Bus (USB) drive or a combination of two or more of these. The storagemay include removable or non-removable (or fixed) media, where appropriate. The storagemay be internal or external to the computer system, where appropriate. In particular embodiments, the storageis non-volatile, solid-state memory. In particular embodiments, the storageincludes read-only memory (ROM). Where appropriate, this ROM may be mask-programmed ROM, programmable ROM (PROM), erasable PROM (EPROM), electrically erasable PROM (EEPROM), electrically alterable ROM (EAROM), or flash memory or a combination of two or more of these. This disclosure contemplates a mass storagetaking any suitable physical form. The storagemay include one or more storage control units facilitating communication between the processorand the storage, where appropriate. Where appropriate, the storagemay include one or more storages. Although this disclosure describes and illustrates particular storage, this disclosure contemplates any suitable storage.

408 400 400 400 408 408 402 408 408 In particular embodiments, the I/O interfaceincludes hardware, software, or both, providing one or more interfaces for communication between the computer systemand one or more I/O devices. The computer systemmay include one or more of these I/O devices, where appropriate. One or more of these I/O devices may enable communication between a person and the computer system. As an example, and not by way of limitation, an I/O device may include a keyboard, keypad, microphone, monitor, mouse, printer, scanner, speaker, still camera, stylus, tablet, touch screen, trackball, video camera, another suitable I/O device or a combination of two or more of these. An I/O device may include one or more sensors. This disclosure contemplates any suitable I/O devices and any suitable I/O interfacesfor them. Where appropriate, the I/O interfacemay include one or more device or software drivers enabling processorto drive one or more of these I/O devices. The I/O interfacemay include one or more I/O interfaces, where appropriate. Although this disclosure describes and illustrates a particular I/O interface, this disclosure contemplates any suitable I/O interface.

410 400 400 410 410 400 400 400 410 410 410 In particular embodiments, the communication interfaceincludes hardware, software, or both providing one or more interfaces for communication (such as, for example, packet-based communication) between the computer systemand one or more other computer systemor one or more networks. As an example, and not by way of limitation, the communication interfacemay include a network interface controller (NIC) or network adapter for communicating with an Ethernet or other wire-based network or a wireless NIC (WNIC) or wireless adapter for communicating with a wireless network, such as a WI-FI network. This disclosure contemplates any suitable network and any suitable communication interfacefor it. As an example, and not by way of limitation, the computer systemmay communicate with an ad hoc network, a personal area network (PAN), a local area network (LAN), a wide area network (WAN), a metropolitan area network (MAN), or one or more portions of the Internet or a combination of two or more of these. One or more portions of one or more of these networks may be wired or wireless. As an example, the computer systemmay communicate with a wireless PAN (WPAN) (such as, for example, a BLUETOOTH WPAN), a WI-FI network, a WI-MAX network, a cellular telephone network (such as, for example, a Global System for Mobile Communications (GSM) network), or other suitable wireless network or a combination of two or more of these. The computer systemmay include any suitable communication interfacefor any of these networks, where appropriate. The communication interfacemay include one or more communication interfaces, where appropriate. Although this disclosure describes and illustrates a particular communication interface, this disclosure contemplates any suitable communication interface.

412 400 412 412 412 In particular embodiments, the busincludes hardware, software, or both coupling components of the computer systemto each other. As an example and not by way of limitation, the busmay include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a front-side bus (FSB), a HYPERTRANSPORT (HT) interconnect, an Industry Standard Architecture (ISA) bus, an INFINIBAND interconnect, a low-pin-count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCIe) bus, a serial advanced technology attachment (SATA) bus, a Video Electronics Standards Association local (VLB) bus, or another suitable bus or a combination of two or more of these. The busmay include one or more buses, where appropriate. Although this disclosure describes and illustrates a particular bus, this disclosure contemplates any suitable bus or interconnect.

Herein, a computer-readable non-transitory storage medium or media may include one or more semiconductor-based or other integrated circuits (ICs) (such, as for example, field-programmable gate arrays (FPGAs) or application-specific ICs (ASICs)), hard disk drives (HDDs), hybrid hard drives (HHDs), optical discs, optical disc drives (ODDs), magneto-optical discs, magneto-optical drives, floppy diskettes, floppy disk drives (FDDs), magnetic tapes, solid-state drives (SSDs), RAM-drives, SECURE DIGITAL cards or drives, any other suitable computer-readable non-transitory storage media, or any suitable combination of two or more of these, where appropriate. A computer-readable non-transitory storage medium may be volatile, non-volatile, or a combination of volatile and non-volatile, where appropriate.

Herein, “or” is inclusive and not exclusive, unless expressly indicated otherwise or indicated otherwise by context. Therefore, herein, “A or B” means “A, B, or both,” unless expressly indicated otherwise or indicated otherwise by context. Moreover, “and” is both joint and several, unless expressly indicated otherwise or indicated otherwise by context. Therefore, herein, “A and B” means “A and B, jointly or severally,” unless expressly indicated otherwise or indicated otherwise by context.

The scope of this disclosure encompasses all changes, substitutions, variations, alterations, and modifications to the example embodiments described or illustrated herein that a person having ordinary skill in the art would comprehend. The scope of this disclosure is not limited to the example embodiments described or illustrated herein. Moreover, although this disclosure describes and illustrates respective embodiments herein as including particular components, elements, feature, functions, operations, or steps, any of these embodiments may include any combination or permutation of any of the components, elements, features, functions, operations, or steps described or illustrated anywhere herein that a person having ordinary skill in the art would comprehend. Additionally, although this disclosure describes or illustrates particular embodiments as providing particular advantages, particular embodiments may provide none, some, or all of these advantages.

The embodiments disclosed herein are only examples, and the scope of this disclosure is not limited to them. Particular embodiments may include all, some, or none of the components, elements, features, functions, operations, or steps of the embodiments disclosed herein.

Modifications, additions, or omissions may be made to the elements shown in the figures above. The components of a device may be integrated or separated. Moreover, the functionality of a device may be performed by more, fewer, or other components. The components within a device may be communicatively coupled in any suitable manner. Functionality described herein may be performed by one device or distributed across multiple devices. In general, systems and/or components described in this disclosure as performing certain functionality may include non-transitory computer readable memory storing instructions and processing circuitry operable to execute the instructions to cause the system/component to perform the described functionality.

While several embodiments have been provided in the present disclosure, it should be understood that the disclosed systems and methods might be embodied in many other specific forms without departing from the scope of the present disclosure. The present examples are to be considered as illustrative and not restrictive, and the intention is not to be limited to the details given herein. For example, the various elements or components may be combined or integrated in another system or certain features may be omitted, or not implemented.

In addition, techniques, systems, subsystems, and methods described and illustrated in the various embodiments as discrete or separate may be combined or integrated with other systems, modules, techniques, or methods without departing from the scope of the present disclosure. Other items shown or discussed as coupled or directly coupled or communicating with each other may be indirectly coupled or communicating through some interface, device, or intermediate component whether electrically, mechanically, or otherwise. Other examples of changes, substitutions, and alterations are ascertainable by one skilled in the art and could be made without departing from the spirit and scope disclosed herein.

Any appropriate steps, methods, features, functions, or benefits disclosed herein may be performed through one or more functional units or modules of one or more virtual apparatuses. Each virtual apparatus may include a number of these functional units. These functional units may be implemented via processing circuitry configured to execute program code stored in memory. The term unit may have conventional meaning in the field of electronics, electrical devices and/or electronic devices and may include, for example, electrical and/or electronic circuitry, devices, modules, processors, receivers, transmitters, memories, logic solid state and/or discrete devices, computer programs or instructions for carrying out respective tasks, procedures, computations, outputs, and/or displaying functions, and so on, as such as those that are described herein.